If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Disable the Properties Option For Recycle Bin(Windows 2000/XP)
This tweak allows you to restrict access to the "Properties" option on the Recycle Bin right-click context menu.

Location:[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
LABEL: NoPropertiesRecycleBin
TYPE: REG_DWORD
VALUE: (0 = disable restriction, 1 = enable restriction)
[gloworange]--------------------------------------------------------------------------------[/gloworange] Automatic Administrative Logon to Recovery Console (Windows 2000/XP)
The recovery console is a command line environment that is used to recover from system problems. This setting controls whether the administrator account will be logged on automatically or be required to enter a password when the recovery console is invoked during startup.

LOCATION: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\
RecoveryConsole]
LABEL: SecurityLevel
TYPE: REG_DWORD
VALUE: (0 = require password, 1 = no password)
[gloworange]--------------------------------------------------------------------------------[/gloworange] Disable Password Caching in Internet Explorer (All Windows)
When you attempt to view a password-protected site, you are normally prompted to type your username and password with an option to "Save this password in your password list". This tweak can be used to disable the ability for users to save passwords.

LOCATION: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings]
LABEL: DisablePasswordCaching
TYPE: REG_DWORD
VALUE: (0 = default, 1 = disable password cache)
[gloworange]--------------------------------------------------------------------------------[/gloworange] Limit the Number of Automatic Logins (Windows NT/2000/XP)
This setting is used to limit the number of automatic logins, once the limit has been reached the auto logon feature will be disabled and the system will display the standard authentication box.

LOCATION: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
LABEL: AutoLogonCount
TYPE: REG_DWORD
VALUE: Number of Automatic Logins
[gloworange]--------------------------------------------------------------------------------[/gloworange] Legal Notice Dialog Box Before Logon (All Windows)
Use these fields to create a dialog box that will be presented to any user before logging onto the system. This is useful where you are required by law to warn people that it is illegal to attempt to logon without being an authorized user.

LABEL: LegalNoticeText
TYPE: REG_SZ (String Value)
VALUE : <MESSAGE>
[gloworange]--------------------------------------------------------------------------------[/gloworange] Disable Password Caching (All Windows)
Normally Windows caches a copy of the users password on the local system to allow for additional automation, this leads to a possible security threat on some systems. Disabling caching means the users passwords are not cached locally. This setting also removes the second Windows password screen and also remove the possibility of networks passwords to get out of sync.

LOCATION: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
VALUE: NoLogOff
TYPE: REG_DWORD
VALUE: (1 = no log off, 0 = show log off)
[gloworange]--------------------------------------------------------------------------------[/gloworange]Disable File and Printer Sharing (Windows 95/98/Me)
When file and printer sharing is installed it allows users to make services available to other users on a network, this functionality can be disabled by changing this setting.

LOCATION: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
Network]
LABELS: NoFileSharing, NoPrintSharing
TYPE: REG_DWORD
VALUE: (0 = file sharing, 1 = disabled)
[gloworange]--------------------------------------------------------------------------------[/gloworange]Harden the TCP/IP Stack for Denial of Service Attacks (Windows 2000/XP)
Denial of service attacks are network attacks that are aimed at making a computer or a particular service unavailable to network users. These settings can be used to increase the ability for Windows to defend against these attacks when connected directly to the Internet.

EnableICMPRedirect = "0" (default = 1)
Stops Windows from altering its route table in response to ICMP redirect messages. Some documentation has this listed as "EnableICMPRedirects" but according to Microsoft it should be "EnableICMPRedirect" no "s".

EnablePMTUDiscovery = "0" (default = 1)
Disables maximum transmission unit (MTU) discovery as an attacker could force the MTU value to a very small value and overwork the stack.

KeepAliveTime = "300,000" (default = 7,200,000)
Reduces how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.

SynAttackProtect = "2" (default = 0)
Automatically adds additional delays to connection indications, and TCP connection requests quickly timeout when a SYN attack is in progress.
[gloworange]--------------------------------------------------------------------------------[/gloworange]Protect Against SYN Flood Attacks (Windows NT/2000/XP)
Windows includes protection that allows it to detect and adjust when the system is being targeted with a SYN flood attack (a type of denial of service attack). When enabled the connection responses time out more quickly in the event of an attack.

LOCATION: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
LABELS: SynAttackProtect,
TYPE: REG_DWORD
VALUES:
0 (default) - typical protection against SYN attacks
1 - better protection against SYN attacks that uses the advanced values below.
2 (recommended) - best protection against SYN attacks. This value adds additional delays to connection indications, and TCP connection requests quickly timeout when a SYN attack is in progress.
[gloworange]--------------------------------------------------------------------------------[/gloworange]Disable Save Password Option in Dial-Up Networking (Windows NT/2000)
When you dial a phonebook entry in Dial-Up Networking (DUN), you can use the 'Save Password' option so that your DUN password is cached and you will not need to enter it on successive dial attempts. This key disables that option.

LOCATION: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
LABEL: NoCDBurning
TYPE: REG_DWORD
VALUE: (0 = Allow CDR, 1 = Disable CDR)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Clear Download Accelerator History (All Windows)
Download Accelerator Plus (DAP) is a tool used to retrieve files from Internet servers. It stores a history of the files downloaded and URLs visited. To increase privacy and security this tweak allows you to clear the history.

GOTO [HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList].
Delete the sub-keys under the key to clear the download history.

GOTO [HKEY_CURRENT_USER\Software\SpeedBit\Download Accelerator\HistoryCombo].
Delete the data in the value called "URLHistory" to clear the URL combobox history.

Data Type: REG_SZ (String Value)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable Recent Files in Media Player (All Windows)
This restriction will stop Windows Media Player from storing the names of the played media in the recent file list.

LOCATION: [HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences]
LABEL: AddToMRU
TYPE: REG_BINARY (Binary Value)
VALUE: 00 = disabled, 01 = enabled
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Clear the Cached Run Commands (All Windows)
Do you have a lot of items in the run command history on Start Menu? This tweak will allow you to clear the most-recently-used (MRU) list.

LOCATION: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
RunMRU]
DELETE: THE KEYS YOU DO NOT WANT
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Clear the Internet Explorer Typed Address History (All Windows)
Internet Explorer caches any URLs that are typed into the address bar. This may become a privacy issue on a shared computer, or a nuisance if there is a particular URL you want to remove without clearing the whole history.

LOACTION: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
DELETE: THE KEYS YOU DO NOT WANT
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable User Tracking (Windows 2000/XP)
This setting stops Windows from recording user tracking information including which applications a user runs and which files and documents are being accessed.

These (and many many more important security settings) can all be set via the point and click group policy editor and or local security policy, why bother hunting through the reg?

Plus isn't this like the second or third time this has been posted in the last few days? It's bad enough to reinvent the wheel, but to reinvent an inferior wheel, several times no less...

Additionally, you failed to mention some of the side effects of these settings, like the window resize issue after hardening against DoS attacks and other items are mislabled like "Secure Access to CD-ROM Drives" which is no more secure, it is restricted to the local user, which is also a bitch because you need to log out and logon as admin to install stuff from CD, you can't just run the installer as a privileged user.

Since it seems the only value this would have is to explain these settings, you might want to actually do so.

Maybe if you insist on posting this (as many times as it has been posted no less,) you could add a little value to it?

Their mostly from textfiles that i have in my PC. A long time ago i looked some up on some website, saved them in a text file for quick refrence. When i would find a new one i would add it to the text file. Winguides does sound famillier. Forgive me if thats where their from i cant really remember. If they are then i would like to give full credit to them.